Thursday, September 6, 2012

As you all know, the WSO2 Identity Server provides entitlement management through XACML fine-grained, policy-based access control. In this post I will introduce a proxy component for using this functionality in Java applications. It makes the user's life easier in the following ways:

The user just has to invoke a method on the proxy to get an entitlement decision.

The user doesn't have to implement XACML request handling to use a XACML policy hosted in IS. The proxy hides that complexity from the user.

Entitlement requests can be sent either using XACML 3.0 or XACML 2.0.

The proxy provides a list of methods that cover most of the authorization request scenarios a user can have.

The user can use SOAP, Thrift or JSON for PDP-PEP communication and doesn't have to worry about the communication implementation.

Several PEPs can use the same proxy to communicate with several PDPs (WSO2 IS instances) at the same time.

Here you can see that each method exists in two versions, one with a "String appId" argument and one without. When the proxy is initialized, it assigns a default primary PEP as defaultAppId. That means the PDP mapping for the defaultAppId is used to make the queries. When we specify a particular PEP configuration by passing "String appId", the PEP Proxy uses that configuration to query WSO2 IS. All the methods that don't have a "String appId" argument use the default configuration.
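The routing between the two overloads can be pictured with the following added sketch, which is not the PEPProxy source: every type and method name in it (Proxy, PdpClient, decide, isPermitted) is hypothetical, and the two PDP clients are constructed in-memory stand-ins for WSO2 IS instances. Rejecting an unknown appId instead of falling back to the default PDP, and treating only an explicit Permit as access, are choices of this sketch.

```java
import java.util.Map;

// Hypothetical sketch of appId routing; none of these names come from PEPProxy.
public class AppIdRoutingSketch {

    /** Stands in for one transport client (SOAP, Thrift or JSON) bound to one PDP. */
    interface PdpClient {
        String decide(String subject, String resource, String action);
    }

    static final class Proxy {
        private final Map<String, PdpClient> clientsByAppId;
        private final String defaultAppId;

        Proxy(Map<String, PdpClient> clientsByAppId, String defaultAppId) {
            if (!clientsByAppId.containsKey(defaultAppId)) {
                throw new IllegalArgumentException("no PDP mapping for default appId");
            }
            this.clientsByAppId = Map.copyOf(clientsByAppId);
            this.defaultAppId = defaultAppId;
        }

        // Overload without appId: the default PEP's PDP mapping is used.
        String decide(String subject, String resource, String action) {
            return decide(subject, resource, action, defaultAppId);
        }

        // Overload with appId: that PEP's own PDP mapping is used.
        String decide(String subject, String resource, String action, String appId) {
            PdpClient client = clientsByAppId.get(appId);
            if (client == null) {
                // Fail closed: a mistyped appId must not be answered by another PDP.
                throw new IllegalArgumentException("unknown appId: " + appId);
            }
            return client.decide(subject, resource, action);
        }
    }

    // PEP-side enforcement: anything other than an explicit Permit is a denial.
    static boolean isPermitted(String decision) {
        return "Permit".equals(decision);
    }

    public static void main(String[] args) {
        // Constructed stand-ins for two PDPs that hold different policies.
        PdpClient pdpA = (s, r, a) -> "admin".equals(s) ? "Permit" : "Deny";
        PdpClient pdpB = (s, r, a) -> "read".equals(a) ? "Permit" : "Deny";
        Proxy proxy = new Proxy(Map.of("appA", pdpA, "appB", pdpB), "appA");

        System.out.println(proxy.decide("bob", "/doc", "read"));         // routed to appA
        System.out.println(proxy.decide("bob", "/doc", "read", "appB")); // routed to appB
        System.out.println(isPermitted(proxy.decide("bob", "/doc", "read")));
    }
}
```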

The following Java class gives an example of using the PEP Proxy. I used a sample XACML policy hosted in WSO2 IS. That policy is also given below.

Run this Java class with the dependency jar of PEPProxy. You can get it by building the source given below, which gives you the latest PEPProxy jar. All you have to do is run mvn clean install in the source folder.